Is E-Mail Authentication Back on the Radar?

By Larry Seltzer  |  Posted 2006-04-20 Print this article Print

Opinion: Standards bodies basically whiffed on the matter, but private industry seems to have taken the ball and is running fast.

Just when Im done dismissing the potential for e-mail authentication to become an effective standard, evidence is presented to the contrary. The E-mail Authentication Summit on April 19 wasnt even the highest-profile event at the hotel where it took place (Secretary of State Condoleezza Rice spoke to the Chicago Council on Foreign Relations there the same day). The 2005 Summit got a lot more ink.

But according to the Email Sender and Provider Coalition (I think this used to be the Email Service Provider Coalition), adoption has been moving along at an aggressive pace.
Much more of the total body of Internet E-mail comes from organizations supporting one of the two main authentication standards than you might think. Support by large senders is why.

Dont get me wrong, I really want to believe this, but Im suspicious. My guess right now is that their basic point is right, but that its not as far along as they want their numbers to imply.

The basic point is that adoption of SIDF (Sender ID Framework) and DKIM (DomainKeys Identified Mail) has moved along aggressively in the last year among large players, to the point where everyone else has to start dealing with it. Theyre trying to portray an image of momentum that e-mail players have to start moving along with authentication because theyll be left behind if they dont.

Consider this claim: "AOL, Microsoft and Yahoo, whose combined e-mail accounts receive over 50 percent of the commercial e-mail in the country, support at least one of the current authentication standards." Many other large senders of e-mail, the ones with the biggest interest in authentication succeeding (Citibank for example), are adopting it. DKIM support in all Internet mail is up from nothing to 9 percent inside of a year, and SIDF is up to 35 percent.

But adoption is a complex task. A cursory look at the SIDF and DKIM standards would give you the impression that its just a matter of making some DNS changes and maybe upgrading your mail servers to support some new tools, but for a large organization it can be quite complex. You have to have clear control over all the outbound mail sources for your organization, including those belonging to outside service providers. You have to establish procedures that must be followed whenever DNS or mail server changes are made.

As a result, many of the organizations that are said to be in compliance are only partly so. For example, they may not have all their subsidiary organizations in compliance, they may not have worked out all the details with outside service providers (although the legitimate ones are enthusiastic supporters of authentication).

Next Page: The inbound/outbound issue.

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel